Leveraging Lookups and Subsearches is an intermediate Splunk Education course that builds on basic lookup knowledge to cover advanced data enrichment and correlation techniques.
What You Will Learn
- Use subsearches to generate dynamic values used in outer search filters and lookups
- Apply the join, append, and appendcols commands to combine data from multiple searches
- Create and query KV Store lookups to store and retrieve dynamic data
- Understand subsearch performance limitations and best practices for optimization
- Build correlation searches using lookup-enriched data for security and operational use cases
Who Should Attend
Splunk power users and analysts who are comfortable with basic SPL and want to master advanced data correlation and enrichment techniques.
Prerequisites
Completion of Splunk Fundamentals 2 or equivalent experience with transforming commands and basic lookup usage.
